<?php
/*
 * scrumbrella - Scrum board.
 *
 * Copyright (C) 2009  Eliel C. Sardanons (LU1ALY) <eliels@gmail.com>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 */

/*!
 * \file
 * \brief Permissions API
 */

require_once("user.php");
require_once("db_schema.php");

/*!
 * \brief Check if a user has permissions assigned.
 * \param user_id The user id.
 * \param project_id The project id.
 * \param permission_name the name of the permission to check.
 * \retval 0 if it has no permission_name assigned.
 * \retval 1 if it has permissions.
 */
function permission_user($user_id, $project_id, $permission_name)
{

	$role_id = user_role($user_id, $project_id);
	if ($role_id <= 0) {
		return 0;
	}

	$query = "SELECT * FROM $role_permission_table AS rp, $permission_table AS pt WHERE".
		"rp.id_role = '$role_id' AND rp.id_permission = pt.id_permission AND pt.name = '$permission_name'";

	$res = db_query($query);
	if (db_error($res)) {
		logger_error("Unable to get permissions for user '$user_id': " . db_error_message($result));
		return 0;
	}

	if (db_numrows($res)) {
		return 1;
	}

	return 0;
}

/*!
 * \brief Check if the user is logged.
 * \param ifnotlogged Redirect to this page if the user is not logged.
 * \retval The user id if the user is logged.
 * \retval If the user is not logged it will never return!.
 */
function permission_redirect_user($ifnotlogged)
{
	session_start();

	if (!isset($_SESSION['sessid'])) {
		if ($ifnotlogged == "") {
			return -1;
		}
		header("Location: $ifnotlogged");
	} else {
		return $_SESSION['sessid'];
	}
}

/*!
 * \brief Get the role name based on its id.
 * \param id The role id.
 * \returns The role id name.
 */
function permission_role_byid($id)
{
	global $role_table;

	$query = "SELECT * FROM $role_table WHERE id_role = '$id'";
	$role = db_query($query);
	if (db_error($role) || !db_numrows($role)) {
		logger_error("Error while trying to get the role name with id '$id'");
		return "Unknown";
	}

	$data = db_fetchrow($role);
	return $data['name'];
}

/*! \brief return the list of access levels
 *  \retval < 0 Error
 *  \retval 0 no access list 
 *  \retval Array with access lists
 */
function permission_accesslevel_list() 
{
	global $accesslevel_table;

	$SQL = "SELECT * FROM $accesslevel_table";
	$res = db_query($SQL);

	if (db_error($res)) {
		logger_error("Unable to get access level list : " . db_error_message($result));
		return -1;
	}

	if (db_numrows($res) > 0) {
		$access_count = 0;
		while ($row = db_fetchrow($res)) {
			foreach ($row AS $key => $value) {
				$accesslevels[$access_count][$key] = $value;
			}
			$access_count++;
		}
		db_freeresult($res);

		return $accesslevels;
	} else {
		return 0;
	}
}

/*! \brief assign a role and a project to an user
 *  \param user id
 *  \param project id
 *  \param role id
 *  \retval < 0 error
 *  \retval 1 role assigned
 */
function permission_userproject_assign($user,$project,$role) 
{
	global $user_role_table;

	// Added check if insert or update a new role
	$SQL = "SELECT * FROM $user_role_table WHERE id_project=$project and id_user=$user";
	$res = db_query($SQL);

	if (db_error($res)) {
		logger_error(" Unable to get role list " . db_error_message($res));
		return -1;
	}
	
	// delete if the user have some role in this project
	if (db_numrows($res) > 0) {
		$SQL = "DELETE FROM $user_role_table WHERE id_project=$project and id_user=$user";
		$res = db_query($SQL);
	}

	// set new role
	$SQL = "INSERT INTO $user_role_table VALUES($project,$user,$role);";
	$res = db_query($SQL);

	if (db_error($res)) {
		logger_error("Unable to set access to project: " . db_error_message($result));
		return -1;
	}

	return 1;
}
?>
